CVE-2022-37109

{"id": "CVE-2022-37109", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-11-14T21:15:13.920", "references": [{"url": "http://packetstormsecurity.com/files/171478/Raspberry-Pi-Camera-Server-1.0-Authentication-Bypass.html", "source": "cve@mitre.org"}, {"url": "https://github.com/ehtec/camp-exploit", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/patrickfuller/camp/commit/bf6af5c2e5cf713e4050c11c52dd4c55e89880b1", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40elias.hohl/authentication-bypass-vulnerability-in-camp-a-raspberry-pi-camera-server-477e5d270904", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie."}, {"lang": "es", "value": "El patrickfuller camp hasta el commit bbd53a256ed70e79bd8758080936afbf6d738767 incluido es vulnerable a un control de acceso incorrecto. El acceso al archivo contrase\u00f1a.txt no est\u00e1 restringido adecuadamente ya que est\u00e1 en el servidor de directorios root por StaticFileHandler y se puede omitir la regla Tornado para generar un error 403 cuando se accede a contrase\u00f1a.txt. Adem\u00e1s, no es necesario descifrar el hash de la contrase\u00f1a para autenticarse con la aplicaci\u00f3n porque el hash de la contrase\u00f1a tambi\u00e9n se utiliza como cookie secreta, por lo que un atacante puede generar su propia cookie de autenticaci\u00f3n."}], "lastModified": "2023-11-07T03:49:44.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:camp_project:camp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DD29B44-1261-4C93-9B90-E9A152929D35", "versionEndExcluding": "2022-07-21"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}